akiraaisha / fimap

Automatically exported from code.google.com/p/fimap
1 stars 0 forks source link

Bing Scanner Broken #70

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
[BEFOR REPORTING CHECK OUT THE SVN VERSION AND TEST IF IT'S ALREADY FIXED -
THANKS - REMOVE THIS LINE]

On which URL this error occures? (Important!)

Which version of fimap you are using? (You can see that in the very first
line)
fimap v.1.00_svn (Uitmuntende programmatuur alleen voor jij!)

On what operating system?
Debian GNU/Linux 6.0

Please provide any additional information below.
./fimap.py -B -q 'inurl:index.php?id="' -b -D --bmin=4 --bmax=9
fimap v.1.00_svn (Uitmuntende programmatuur alleen voor jij!)
:: Automatic LFI/RFI scanner and exploiter
:: by Iman Karim (fimap.dev@gmail.com)

Overwriting 'blind_min' setting to 4...
Overwriting 'blind_max' setting to 9...
Blind FI-error checking enabled.
BingScanner is searching for Query: 'inurl:index.php?id="'
Querying Bing Search: 'inurl:index.php?id="' with max pages 10...

========= CONGRATULATIONS! =========
You have just found a bug!
If you are cool, send the following stacktrace to the bugtracker on 
http://fimap.googlecode.com/
Please also provide the URL where fimap crashed.
Push enter to see the stacktrace...
cut here %<--------------------------------------------------------------
Exception: 'Web'
Traceback (most recent call last):
  File "./fimap.py", line 741, in <module>
    b.startGoogleScan()
  File "/home/carlos/fimap/src/bingScan.py", line 65, in startGoogleScan
    results = resp['SearchResponse']['Web']['Results']
KeyError: 'Web'

Original issue reported on code.google.com by cmendoza...@gmail.com on 1 Oct 2012 at 5:24

GoogleCodeExporter commented 9 years ago
Also i just want to ask you where i can find docs or related info about the 
PHPinfo exploit

Original comment by cmendoza...@gmail.com on 1 Oct 2012 at 5:25

GoogleCodeExporter commented 9 years ago
Hi!

Thanks for this bugreport.
I can clearly reproduce it.
I checked a bit what the issue is and it looks like bing completly got a new 
API.
So I have either to write my own bing api wrapper or search for a new one...

About the PHPInfo glitch:
You can read pretty much everything about it on this site: 
http://www.insomniasec.com/publications/LFI%20With%20PHPInfo%20Assistance.pdf

The plugin I wrote is based on that paper I linked to you.
I will make a video tutorial which explains how to do that with fimap when I 
have some spare time.

-imax.

Original comment by fimap....@gmail.com on 5 Oct 2012 at 10:42

GoogleCodeExporter commented 9 years ago
Thanks, that video would be a great help to use that plugin

Original comment by cmendoza...@gmail.com on 5 Oct 2012 at 3:30

GoogleCodeExporter commented 9 years ago
cmendozabenitez -  the phpinfo exploit and video is shown here: 
http://insecurety.net/?p=687 (if the sites down its cos I am moving webhost, 
but video is also here: http://www.youtube.com/watch?v=D6L5MUj53Vc

Original comment by the.info...@gmail.com on 26 Jan 2013 at 11:11